China’s Mustang Panda APT — also tracked as TA416, Bronze President, or Stately Taurus — is best known for adaptable tradecraft and a steady focus on geopolitical intelligence collection. In its most recent campaign, researchers tied to Acronis observed the group shifting some of that attention toward India’s financial sector. The attacks are notable less for technical sophistication than for
Category: Data Breach
Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat
A new class of prompt-injection attacks—dubbed “Comment and Control”—turns GitHub pull requests, issues, and comments into attack surfaces that can hijack AI coding agents and siphon secrets directly from CI/CD environments. Unlike classic prompt injection that waits for a user to feed a document to an agent, this pattern is proactive: opening a PR or posting an issue can automatically
Anthropic’s MCP Design Flaw: How a Protocol-Level Vulnerability Enables Remote Code Execution at Scale
A critical architectural flaw in Anthropic’s Model Context Protocol (MCP) ecosystem has exposed a vast number of downstream systems to remote code execution (RCE) risks. Researchers at OX Security found the issue embedded across official MCP SDKs for Python, TypeScript, Java, and Rust — meaning developers building on MCP inherit the vulnerability by design rather than through a simple coding
Lovable AI App Builder Reportedly Exposes Thousands of Projects’ Source Code and Customer Data
A critical Broken Object Level Authorization (BOLA) vulnerability in Lovable, an AI-powered app builder, has reportedly left thousands of legacy projects accessible to unauthorized users. According to security researchers, an API endpoint returned full project data — including source code, database credentials, AI chat histories, and customer information — for projects created before November 2025. While Lovable appears to have
Rockstar’s GTA Data Leak: ShinyHunters Expose 78.6M Records via Anodot–Snowflake Pivot
Rockstar Games confirmed in April 2026 that a third-party compromise led to a substantial exposure of analytics records tied to GTA Online and Red Dead Online. Although player accounts and payment systems were reportedly unaffected, the incident highlights how attackers are increasingly leveraging trusted SaaS integrations and stolen service tokens to pivot into high-value environments. This post unpacks the timeline,
Price Elasticity: The One Data Point That Could Clarify AI’s Impact on Jobs
Silicon Valley’s conversations about AI often sound like inevitabilities: sweeping automation, mass displacement, and workplaces remade by powerful models. Those scenarios have driven anxiety among workers and intense debate among researchers. But one practical problem underlies much of the confusion: we lack the right economic data to predict how AI-driven productivity gains will actually affect employment. Without that missing piece,





